MongoDB Ransomware Impacts Over 10,000 Databases
Found on eWEEK on Friday, 06 January 2017
The attack against MongoDB is a fairly simple one: it takes advantage of databases that have been misconfigured and left open, so that a user can connect without first having proper administrative credentials. Once the attackers log into the open database, the next step is to fully take control and then steal or encrypt the database, offering it back to the victims only on receipt of the Bitcoin ransom payment.
The solution to the MongoDB security risk involves database administrators following the security checklist that MongoDB outlines on its website. The very first item on the checklist is 'enable access control and enforce authentication.'
So a fairly large number of "developers" neglected the most basic security steps after the installation: they not only left the database port open to the public, but also failed to set a decent password. Furthermore, the threat is only a threat to those who, in addition to those grave mistakes, don't have backups. You reap what you sow.